QUESTION & ANSWERS


Question: 1 


The security team has decided to follow the VMware-recommended best practices in the vSphere hardening guide. 
esxi02b: 

Your first task is to create a local user in esxi02b: 

* Name: SpecialUser 

* Role: Administrator 

Your second task is to ensure that SpecialUser is the ONLY user who is able to SSH into esxi02b via Putty. 

Your final task is to enforce a strict lockdown on esxi02b. 



Answer: see explanation below 


Explanation/Reference: 


Authentication and authorization govern access. vCenter Single Sign-On supports authentication, which means it
determines whether a user can access vSphere components at all. Each user must also be authorized to view or
manipulate vSphere objects.

vSphere supports several different authorization mechanisms, discussed in Understanding Authorization in vSphere. The
focus of the information in this section is how the vCenter Server permission model works and how to perform user
management tasks.

vCenter Server allows fine-grained control over authorization with permissions and roles. When you assign a permission to
an object in the vCenter Server object hierarchy, you specify which user or group has which privileges on that object. To
specify the privileges, you use roles, which are sets of privileges.

Initially, only the administrator user for the vCenter Single Sign-On domain, administrator@vsphere.local by default, is
authorized to log in to the vCenter Server system. That user can then proceed as follows:

Add an identity source in which users and groups are defined to vCenter Single Sign-On. See the Platform Services
Controller Administration documentation.

Give privileges to a user or group by selecting an object such as a virtual machine or a vCenter Server system and
assigning a role on that object for the user or group.


Question: 2 


You have just deployed a new vCenter Server Appliance, Vcsa0la, and are required to back up the configuration after
deployment. To complete this task, perform an unencrypted backup of the vCenter Server Appliance using the following
details:

* Use the FTP protocol to back up the appliance

* FTP Server Location: 172.20.10.10/ 

* FTP Username: administrator 

* FTP Password: VMwarel1! 

Note: Make sure you include the / at the end of the Server Location 


Answer: see explanation below 


Explanation/Reference: 


Prerequisites 
You must have an FTP, FTPS, HTTP, HTTPS, or SCP server up and running with sufficient disk space to store the backup. 
Dedicate a separate folder on your server for each file-based backup. 


Procedure 

In a Web browser, go to the vCenter Server Appliance Management Interface, https://appliance-IP-address-or-FQDN:5480.
Log in as root.

In the vCenter Server Appliance Management Interface, click Summary.

Click Backup.

The Backup Appliance wizard opens.

Enter the backup protocol and location details.

Option: Description

* Backup protocol: Select the protocol to use to connect to your backup server. You can select FTP, FTPS, HTTP, HTTPS, or
  SCP. For FTP, FTPS, HTTP, or HTTPS the path is relative to the home directory configured for the service. For SCP, the
  path is absolute to the remote system's root directory.

* Backup location: Enter the server address and backup folder in which to store the backup files.

* Port: Enter the default or custom port of the backup server.

* User name: Enter a user name of a user with write privileges on the backup server.

* Password: Enter the password of the user with write privileges on the backup server.

(Optional) Select Encrypt Backup Data to encrypt your backup file and enter a password for the encryption.
If you select to encrypt the backup data, you must use the encryption password for the restore procedure.
Click Next.

On the Select parts to backup page, review the data that is backed up by default.

(Optional) Select Stats, Events, and Tasks to back up additional historical data from the database.
(Optional) In the Description text box, enter a description of the backup and click Next.

On the Ready to complete page, review the summary information for the backup and click Finish.
The Backup Progress window opens and indicates the progress of the backup operation.

After the backup process finishes, click OK to close the Backup Progress window.

Results 

You successfully created a backup file of the vCenter Server Appliance.


Question: 3 


A vSphere administrator has deployed a new server. The VM will have a workload which is prodApp1 to the following 
specifications: 

* The VM should never have any memory contention while powered on, even if the host that it resides

* Configure the virtual machine for high latency sensitivity. 


Answer: see explanation below 


Explanation/Reference: 


Send us your suggestions. 


Question: 4 


A user has approached you about a virtual machine with the name infra-1 that is performing poorly on the vCenter Server
vcsa0la. In order to analyze the data offline, your team requires the esxtop data from the problem host with the following
requirements:

* The esxtop data must be in CSV format 

* The data must contain 20 iterations with a delay 

Once captured, copy the results CSV file from the destination datastore on the host to the Desktop of the ControlCenter 
VM with the filename 'esxiOlb-capture.csv'.

Note: WinSCP is installed on the Controller.


Answer: see explanation below 


Explanation/Reference: 


Do the following before you start to troubleshoot a problem using esxtop:

1. Log on to the VMware Management Interface for the ESX Server machine in question. Refer to the online document,
   Logging Into the VMware Management Interface, for details. In the status monitor, under Virtual Machines, note the
   virtual machine IDs (or VMIDs) for all virtual machines running on the server.
2. Make certain you have a secure shell (SSH) client. Windows users can get a free SSH client from
   http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
3. If you have ESX Server version 2.0.x, refer to the VMware Knowledge Base Answer ID 1078 for instructions on
   downloading and installing the VMware performance monitoring tools, esxtop and vmkusage. ESX Server version 2.1 and
   higher include esxtop and vmkusage. See Using vmkusage to Isolate Performance Problems on page 6 for a description of
   vmkusage.

Starting esxtop

Perform the following steps to start and set up esxtop:

1. Using a secure shell (SSH), log on to the ESX Server machine as root.
2. Enter esxtop in the SSH command line. The esxtop display appears.
   Note: The esxtop tool includes several interactive commands. To view a list of the interactive commands, enter h.
3.
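For the offline analysis that Question 4 asks for, the following added example (not part of the original answer) reads an esxtop batch-mode CSV and summarises one CPU counter for one VM, rejecting a capture that has the wrong number of iterations. The sample data, the host name esxi-host and the function name vm_counter_stats are constructed for illustration; the layout assumed is the perfmon-style header row that esxtop writes in batch mode.

```python
import csv
import io
import re
from statistics import mean

# Constructed sample (3 iterations) in the perfmon-style layout that
# `esxtop -b -n <iterations> -d <delay>` writes; host and values are made up.
SAMPLE = r'''"(PDH-CSV 4.0) (UTC)(0)","\\esxi-host\Group Cpu(1001:infra-1)\% Used","\\esxi-host\Group Cpu(1001:infra-1)\% Ready","\\esxi-host\Group Cpu(1002:other-vm)\% Ready"
"01/15/2024 10:00:00","35.10","12.50","0.40"
"01/15/2024 10:00:05","40.25","18.75","0.35"
"01/15/2024 10:00:10","38.00","15.25","0.45"
'''

# \\host\Object(instance)\Counter ; the "(instance)" part is optional.
HEADER = re.compile(
    r'^\\\\(?P<host>[^\\]+)\\(?P<obj>[^\\(]+)(?:\((?P<inst>.*)\))?\\(?P<counter>.+)$'
)


def vm_counter_stats(csv_text, vm_name, counter, expected_iterations=None):
    """Summarise one 'Group Cpu' counter for one VM across all iterations."""
    rows = [r for r in csv.reader(io.StringIO(csv_text)) if r]
    if not rows:
        raise ValueError("empty capture")
    header, samples = rows[0], rows[1:]
    # A capture cut short (session dropped, disk full) has fewer rows.
    if expected_iterations is not None and len(samples) != expected_iterations:
        raise ValueError(
            f"expected {expected_iterations} iterations, found {len(samples)}")
    col = None
    for idx, name in enumerate(header):
        m = HEADER.match(name)
        if not m or m["obj"] != "Group Cpu" or m["counter"] != counter:
            continue
        # Instance is "<group id>:<display name>"; match the name exactly so
        # "infra-1" does not also select "infra-10".
        if (m["inst"] or "").partition(":")[2] == vm_name:
            col = idx
            break
    if col is None:
        raise KeyError(f"{counter!r} for VM {vm_name!r} not in capture")
    # Skip rows truncated before this column (partial final line).
    values = [float(r[col]) for r in samples if len(r) > col and r[col]]
    return {"iterations": len(values), "avg": round(mean(values), 2),
            "max": max(values)}


if __name__ == "__main__":
    print(vm_counter_stats(SAMPLE, "infra-1", "% Ready", expected_iterations=3))
```
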


